MongooseJS函数Model.countDocuments()是否验证所使用的过滤器?还是受到不安全输入的注入攻击?
例如,
var mongoose = require('mongoose')
var TestSchema = new mongoose.Schema({
firstname: String,
lastname: String,
job_title: String
})
var Test = mongoose.model('Test', TestSchema)
Test.countDocuments({ job_title: request.body.manager_search })
.then((result) => { console.log("result: ", result) })
.catch((err) => { console.log("Error counting documents: ", err) })
此代码是引入注入矢量,还是request.body.manager_search将通过此函数转换为字符串?
否,它不会验证,也不会强制转换为String。
猫鼬调用本机MongoDB收集方法countDocuments(query, options)
如果query包含注入向量(例如job_title: {'$ne':''},see restrictions),MongoDB 将不会阻止应用程序中的注入
示例:
{ job_title: 'foo' }
result: 2
{ job_title: { '$ne': '' } }
result: 3
解决方案:
棘手的解决方案:{ job_title: {$in:[request.body.manager_search] } }棘手的解决方案2:{ job_title: request.body.manager_search + "" }Mongo消毒:https://www.npmjs.com/package/mongo-sanitize